package jdbc.day1.demo3_sql注入;

import jdbc.Util;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Scanner;

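/**
 * Console login demo contrasting a string-concatenated query ({@link #st()})
 * with a parameterized one ({@link #pre()}).
 *
 * <p>{@code main} runs the parameterized variant. {@code st()} is kept only as
 * the unsafe counter-example and is not called from {@code main}.
 *
 * <p>NOTE(review): both queries compare the typed password directly with the
 * {@code password} column, which suggests the table holds plaintext passwords.
 * A real login should look the row up by name and verify the input against a
 * salted password hash (bcrypt/scrypt/argon2) — confirm against the schema.
 */
public class Test {
    /**
     * One shared reader for standard input. Creating a new {@code Scanner} per
     * prompt lets the first one buffer lines it never returns, so a second
     * prompt can find the stream already drained when input is piped in.
     */
    private static final Scanner STDIN = new Scanner(System.in);

    /**
     * Runs the parameterized login check.
     *
     * @param args unused
     * @throws Exception if obtaining the connection or running the query fails
     */
    public static void main(String[] args) throws Exception {
        pre();
    }

    /**
     * UNSAFE counter-example: builds the SQL text by concatenating user input.
     *
     * <p>Because {@code name} and {@code pass} become part of the statement
     * text, a quote character in either value ends the string literal and the
     * rest of the input is parsed as SQL, so the WHERE clause no longer means
     * what the author wrote. Kept for comparison with {@link #pre()} only;
     * do not copy this pattern.
     *
     * @throws Exception if obtaining the connection or running the query fails
     */
    static void st() throws Exception {
        String name = getUser();
        String pass = getPass();
        // Intentionally vulnerable: input is spliced into the statement text.
        String sql = "select * from user where name='" + name + "' and password='" + pass + "'";
        // Printed so the reader can see how input changes the statement itself.
        // This also writes the typed password to the console — demo only.
        System.out.println(sql);

        // try-with-resources closes result set, statement and connection even
        // when executeQuery throws; the original leaked all three on error.
        try (Connection con = Util.getConnection();
             Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            if (rs.next()) {
                // The password is deliberately not echoed in the success message.
                System.out.println("用户名及密码正确，name=" + name);
            }
        }
    }

    /**
     * Checks the credentials with a {@link PreparedStatement}.
     *
     * <p>The SQL text is a fixed template; the two values are bound with
     * {@code setString}, so they are passed as data and cannot alter the
     * structure of the statement.
     *
     * @throws Exception if obtaining the connection or running the query fails
     */
    static void pre() throws Exception {
        String name = getUser();
        String pass = getPass();
        String sql = "select * from user where name=? and password=?";
        // Only the template is printed; it contains no user-supplied text.
        System.out.println(sql);

        try (Connection con = Util.getConnection();
             PreparedStatement st = con.prepareStatement(sql)) {
            st.setString(1, name);
            st.setString(2, pass);
            try (ResultSet rs = st.executeQuery()) {
                if (rs.next()) {
                    // The password is deliberately not echoed in the success message.
                    System.out.println("用户名及密码正确，name=" + name);
                }
            }
        }
    }

    /**
     * Prompts for and reads the user name from standard input.
     *
     * @return the next line typed by the user
     */
    static String getUser() {
        System.out.println("输入用户名：");
        return STDIN.nextLine();
    }

    /**
     * Prompts for and reads the password from standard input.
     *
     * <p>The line is read with echo on and returned as a {@code String}.
     *
     * @return the next line typed by the user
     */
    static String getPass() {
        System.out.println("输入密码：");
        return STDIN.nextLine();
    }
}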
